Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/509K0AXFRxiYnBtREpR7oJMAGek.roa
File:                     509K0AXFRxiYnBtREpR7oJMAGek.roa (raw, json)
Hash identifier:          6HpJfxCd1cFkZtKjHaf7d7QfADuLimJ4JmGi+YxI8R8=
Subject key identifier:   E7:4F:4A:D0:05:C5:47:18:98:9C:1B:51:12:94:7B:A0:93:00:19:E9
Certificate issuer:       /CN=0d722e4513a39678d8ab23b2d649775340518cb9
Certificate serial:       01914C263C44F1F6888A25E24371A84402D2
Authority key identifier: 0D:72:2E:45:13:A3:96:78:D8:AB:23:B2:D6:49:77:53:40:51:8C:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/509K0AXFRxiYnBtREpR7oJMAGek.roa
Signing time:             Tue 13 Aug 2024 14:30:59 +0000
ROA not before:           Tue 13 Aug 2024 14:30:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     64267
IP address blocks:        89.249.199.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:4c:26:3c:44:f1:f6:88:8a:25:e2:43:71:a8:44:02:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d722e4513a39678d8ab23b2d649775340518cb9
        Validity
            Not Before: Aug 13 14:30:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e74f4ad005c54718989c1b5112947ba0930019e9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:d8:99:10:46:2e:9d:2e:12:5f:af:3f:0a:58:
                    ed:7d:cd:70:f2:fe:5f:bf:c6:c5:49:7a:ff:a8:ab:
                    c9:b4:7c:cd:e0:07:62:19:4b:85:d3:74:8f:b0:fb:
                    5d:83:b6:2a:bb:a7:fd:60:68:4a:1b:37:e8:ff:25:
                    24:fb:20:e0:03:ac:cb:ba:e4:46:94:07:f4:77:ce:
                    84:b4:38:65:c0:ae:57:99:a3:30:39:ed:4d:c1:ce:
                    13:68:96:8a:03:64:04:06:70:d4:d6:b6:69:14:bc:
                    e1:04:92:25:67:d0:1d:da:47:0e:f6:9e:0b:a2:8c:
                    c1:ab:e6:c3:26:f6:d5:38:6d:b8:35:18:0c:0d:9a:
                    a7:1e:a6:6a:4a:d5:52:a3:8d:88:ac:ec:32:1d:65:
                    12:9e:f1:2b:7e:3e:fe:0d:3e:e0:61:1a:e5:24:bc:
                    2c:91:e0:56:16:92:5e:d5:16:ff:bf:57:c2:ae:5f:
                    76:24:eb:6f:a6:81:99:75:81:58:28:d9:3d:41:4f:
                    24:46:08:84:9c:ad:14:63:e7:ac:ff:63:db:91:ab:
                    1f:c5:b6:6c:92:eb:74:8c:50:4d:34:bf:22:ed:57:
                    01:66:86:51:e4:e0:7d:83:79:d4:06:70:2f:86:b8:
                    98:a0:f3:6a:98:e0:fe:71:ec:23:32:18:10:a1:c7:
                    e6:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:4F:4A:D0:05:C5:47:18:98:9C:1B:51:12:94:7B:A0:93:00:19:E9
            X509v3 Authority Key Identifier:
                keyid:0D:72:2E:45:13:A3:96:78:D8:AB:23:B2:D6:49:77:53:40:51:8C:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/509K0AXFRxiYnBtREpR7oJMAGek.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.249.199.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b3:6d:59:f1:47:37:5a:dc:e6:ef:a7:38:72:42:c1:93:f8:6c:
         23:56:38:f3:2d:ad:50:22:4d:36:06:64:e8:1d:95:a6:98:f5:
         f7:93:53:18:7f:53:bc:49:90:f4:aa:2a:15:16:79:36:d0:12:
         6d:68:fd:34:25:cd:37:31:a5:57:ff:c8:70:d2:ea:54:0c:0f:
         e1:b2:23:b7:e9:10:f8:65:54:39:7c:f7:0f:84:88:35:09:bc:
         41:2c:6a:22:20:e4:f3:c0:81:9a:3d:11:29:97:2d:2e:d2:17:
         3d:87:69:5a:d8:aa:4a:3e:b2:9c:3f:8c:45:9e:24:90:91:f0:
         29:d3:d6:f7:c5:ec:2a:cd:68:c3:be:e9:8b:88:f2:30:6a:7b:
         4b:4c:8f:ed:1e:93:05:01:e0:e6:fe:1d:d8:ec:c6:45:1a:02:
         70:bf:4d:a3:89:75:99:df:c5:e1:3b:5a:bf:74:f4:25:e4:5e:
         ff:c6:53:ee:0d:3b:59:17:7d:6b:b1:e5:bc:50:7d:69:63:2d:
         80:31:da:28:e0:b5:2b:98:3d:5a:02:e5:ac:06:07:45:4a:58:
         96:77:35:bc:3c:23:f8:a7:42:aa:d4:60:64:85:b5:c0:c2:97:
         a1:41:45:d3:2e:44:8e:07:be:89:78:6f:d9:49:17:7e:7a:12:
         29:dc:cc:48
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZFMJjxE8faIiiXiQ3GoRALSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkNzIyZTQ1MTNhMzk2NzhkOGFiMjNiMmQ2NDk3NzUzNDA1
MThjYjkwHhcNMjQwODEzMTQzMDU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNzRmNGFkMDA1YzU0NzE4OTg5YzFiNTExMjk0N2JhMDkzMDAxOWU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwNiZEEYunS4SX68/Cljtfc1w8v5f
v8bFSXr/qKvJtHzN4AdiGUuF03SPsPtdg7Yqu6f9YGhKGzfo/yUk+yDgA6zLuuRG
lAf0d86EtDhlwK5XmaMwOe1Nwc4TaJaKA2QEBnDU1rZpFLzhBJIlZ9Ad2kcO9p4L
oozBq+bDJvbVOG24NRgMDZqnHqZqStVSo42IrOwyHWUSnvErfj7+DT7gYRrlJLws
keBWFpJe1Rb/v1fCrl92JOtvpoGZdYFYKNk9QU8kRgiEnK0UY+es/2PbkasfxbZs
kut0jFBNNL8i7VcBZoZR5OB9g3nUBnAvhriYoPNqmOD+cewjMhgQocfmNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOdPStAFxUcYmJwbURKUe6CTABnpMB8GA1UdIwQY
MBaAFA1yLkUTo5Z42KsjstZJd1NAUYy5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFhJdVJST2psbmpZcXlPeTFrbDNVMEJSakxrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC8xYzA4NGMtOTgyZC00MDk4LWFmNDIt
MzQyNWIxMjVlYWE3LzEvNTA5SzBBWEZSeGlZbkJ0UkVwUjdvSk1BR2VrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC8xYzA4NGMtOTgyZC00MDk4LWFmNDItMzQyNWIxMjVlYWE3
LzEvRFhJdVJST2psbmpZcXlPeTFrbDNVMEJSakxrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWfnHMA0G
CSqGSIb3DQEBCwUAA4IBAQCzbVnxRzda3ObvpzhyQsGT+GwjVjjzLa1QIk02BmTo
HZWmmPX3k1MYf1O8SZD0qioVFnk20BJtaP00Jc03MaVX/8hw0upUDA/hsiO36RD4
ZVQ5fPcPhIg1CbxBLGoiIOTzwIGaPREply0u0hc9h2la2KpKPrKcP4xFniSQkfAp
09b3xewqzWjDvumLiPIwantLTI/tHpMFAeDm/h3Y7MZFGgJwv02jiXWZ38XhO1q/
dPQl5F7/xlPuDTtZF31rseW8UH1pYy2AMdoo4LUrmD1aAuWsBgdFSliWdzW8PCP4
p0Kq1GBkhbXAwpehQUXTLkSOB76JeG/ZSRd+ehIp3MxI
-----END CERTIFICATE-----